aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java186
1 files changed, 186 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
new file mode 100644
index 000000000..04d374e93
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SingleLogOutBuilder {
+
+ public static LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException {
+ LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
+
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloReq.setIssuer(issuer);
+ sloReq.setIssueInstant(new DateTime());
+
+ sloReq.setDestination(sloInfo.getServiceURL());
+
+ NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
+ nameID.setFormat(sloInfo.getUserNameIDFormat());
+ nameID.setValue(sloInfo.getUserNameIdentifier());
+ sloReq.setNameID(nameID );
+
+ return sloReq;
+ }
+
+ public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException {
+ LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloResp.setIssuer(issuer);
+ sloResp.setIssueInstant(new DateTime());
+ sloResp.setDestination(sloService.getLocation());
+ Status status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+ sloResp.setStatus(status);
+ return sloResp;
+ }
+
+ public static LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws ConfigurationException {
+ LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloResp.setIssuer(issuer);
+ sloResp.setIssueInstant(new DateTime());
+ sloResp.setDestination(sloService.getLocation());
+
+ Status status;
+ if (failedOAs == null || failedOAs.size() == 0) {
+ status = SAML2Utils.getSuccessStatus();
+
+ } else {
+ status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+
+ }
+ sloResp.setStatus(status);
+ return sloResp;
+
+ }
+
+ public static SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException {
+ try {
+ EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID);
+ SPSSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ SingleLogoutService sloService = null;
+ for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+ if (el.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ sloService = el;
+
+ else if (el.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
+ && (
+ (sloService != null && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ || sloService == null)
+ )
+ sloService = el;
+
+ else if (el.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)
+ && (
+ (sloService != null
+ && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)
+ && !sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI))
+ || sloService == null)
+ )
+ sloService = el;
+ }
+
+ if (sloService == null) {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+
+ }
+ return sloService;
+
+ } catch (MetadataProviderException e) {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+ }
+
+ }
+
+ public static SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+ MOARequest moaReq = (MOARequest) spRequest.getRequest();
+ EntityDescriptor metadata = moaReq.getEntityMetadata();
+ SPSSODescriptor spsso = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ SingleLogoutService sloService = null;
+ for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+ if (el.getBinding().equals(spRequest.getBinding()))
+ sloService = el;
+ }
+ if (sloService == null && spsso.getSingleLogoutServices().size() != 0)
+ sloService = spsso.getSingleLogoutServices().get(0);
+
+ else {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+ }
+ return sloService;
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 03:13:05 +0000